net/http/http_status_line_validator.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_
   6 #define NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_
   7
   8 #include <vector>
   9
  10 #include "base/basictypes.h"
  11 #include "base/strings/string_piece.h"
  12 #include "net/base/net_export.h"
  13
  14 namespace net {
  15
  16 class HttpStatusLineValidator {
  17  public:
  18   // RFC 7230 S3.1.2:
  19   //   status-line = HTTP-version SP status-code SP reason-phrase CRLF
  20   //   status-code = 3DIGIT
  21   //   reason-phrase = *( HTAB / SP / VCHAR / obs-text )
  22   // And from RFC 7230 S2.6:
  23   //   HTTP-version = HTTP-name "/" DIGIT "." DIGIT
  24   //   HTTP-name = "\x48\x54\x54\x50" ; ie, "HTTP" in uppercase
  25   enum StatusLineStatus {
  26     // No violations found.
  27     STATUS_LINE_OK = 0,
  28     // ""
  29     STATUS_LINE_EMPTY = 1,
  30     // "xyzzy"
  31     STATUS_LINE_NOT_HTTP = 2,
  32     // "HtTp/1.1 ..."
  33     STATUS_LINE_HTTP_CASE_MISMATCH = 3,
  34     // "HTTP" or "HTTP/"
  35     STATUS_LINE_HTTP_NO_VERSION = 4,
  36     // "HTTP/abc" or "HTTP/1" or "HTTP/1."
  37     STATUS_LINE_INVALID_VERSION = 5,
  38     // "HTTP/1.234 ..."
  39     STATUS_LINE_MULTI_DIGIT_VERSION = 6,
  40     // "HTTP/3.0 ..."
  41     STATUS_LINE_UNKNOWN_VERSION = 7,
  42     // "HTTP/0.9 ..."
  43     STATUS_LINE_EXPLICIT_0_9 = 8,
  44     // "HTTP/1.1"
  45     STATUS_LINE_MISSING_STATUS_CODE = 9,
  46     // "HTTP/1.1 abc"
  47     STATUS_LINE_INVALID_STATUS_CODE = 10,
  48     // "HTTP/1.1 123a"
  49     STATUS_LINE_STATUS_CODE_TRAILING = 11,
  50     // "HTTP/1.1 404", note that "HTTP/1.1 404 " is a valid empty reason phrase
  51     STATUS_LINE_MISSING_REASON_PHRASE = 12,
  52     // "HTTP/1.1 200 \x01"
  53     STATUS_LINE_REASON_DISALLOWED_CHARACTER = 13,
  54     // "HTTP/1.1   200 OK"
  55     STATUS_LINE_EXCESS_WHITESPACE = 14,
  56     // "HTTP/1.1 600 OK"
  57     STATUS_LINE_RESERVED_STATUS_CODE = 15,
  58
  59     STATUS_LINE_MAX
  60   };
  61
  62   // Checks for violations of the RFC 7230 S3.1.2 status-line grammar, and
  63   // returns the first violation found, or STATUS_LINE_OK if the status line
  64   // looks conforming.
  65   static StatusLineStatus NET_EXPORT_PRIVATE ValidateStatusLine(
  66       const base::StringPiece& status_line);
  67
  68  private:
  69   static StatusLineStatus CheckHttpVersionSyntax(
  70       const base::StringPiece& version);
  71   static StatusLineStatus CheckStatusCodeSyntax(
  72       const base::StringPiece& status_code);
  73   // Checks |fields| against the reason-phrase syntax in RFC 7230 S3.1.2, ie:
  74   //   reason-phrase = *( HTAB / SP / VCHAR / obs-text )
  75   // Note that the HTTP stream parser ignores the reason-phrase entirely, so
  76   // this check is needlessly pedantic.
  77   static StatusLineStatus CheckReasonPhraseSyntax(
  78       const std::vector<base::StringPiece>& fields,
  79       size_t start_index);
  80
  81   DISALLOW_IMPLICIT_CONSTRUCTORS(HttpStatusLineValidator);
  82 };
  83
  84 }  // namespace net
  85
  86 #endif  // NET_HTTP_HTTP_STATUS_LINE_VALIDATOR_H_